CMLA Technical Specification

CMLA provides its Client Adopters and Service Providers security services such as key and certificate provisioning mechanisms, certificate status checking, and the overall PKI hierarchy.   The CMLA Technical Specification defines the details needed for the deployment of CMLA based products and services.   CMLA’s underlying content protection technology is based on the Digital Rights Management (DRM) specifications from the Open Mobile Alliance.   This specification supplements but does not replace the OMA DRM specifications.

The following is a high level outline of the CMLA Technical Specification

  • Overview of the CMLA PKI:  defines the PKI hierarchy and specifies the output deliverables from the CMLA system
  • Certificate, CRL, and OCSP profiles:  specifies the details of CMLA certificates, CRLs, and OCSP requests and the mechanisms for their delivery to adopters
  • Technical requirements for ordering device and rights issuer certificates and key material:  defines the methods and formats for delivery of adopter credentials
  • Specifications for implementing mobile broadcast services:  section 15 contains the technical details for CMLA mobile broadcast services
  • Specifications for implementing UltraViolet™ devices and service providers:  section 17 contains the technical details for CMLA compatible UltraViolet™ products
  • Details of CMLA IP including sample code and test vectors:  defines CMLA key transport algorithms that are supported by all devices and rights issuers

Change History

From Version 1.42‐20120817 to 1.43‐20131218
Reference section 2Update DECE specifications references and add a XML signature reference
Add to section 17.4DSP access to domain key was changed and use of the new DomainInformationRequest() was added to the end of the section
From Version 1.41‐20120320 to Version 1.42‐20120817
Def:CMLA-DSPReplace cmla-kp-dece-dm with cmla-kp-dece-dsp
Add to end of 1st paragraph 10.1Both development and production keying material is sent to adopter on 4 DVDs: Production CMLA Root CA Certificate, Production Transport Keys, Development CMLA Root CA Certificate, and Development CMLA Transports Keys
Add 10.1 1 paragraph 2Pubpc key part of the 2048 bit RSA key pair of theCMLA Transport key as a
Add colon to end of 10.1 paragraph 3 of number 3 
Add to paragraph below figure 2 in 10.4(refer to section of [RFC3280])
Correction in 17.5.1Replace cmla-kp-dece-dsp with cmla-kp-dece-dm
From Version 1.40‐20111104 to Version 1.41‐20120320
Correct reference 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 17.4.1, 17.5Changed to Appendix E
Remove all reference to key length change from specification as that should be handled in separate notice to adopters and via the CAB processDelete "CMLA will decide during 2011 the key lengths and certificate vapdity periods that will be used after 2012"
Delete "During 2004-2012 carries" and replace with "Is"
CMLA will decide during 2011 the key lengths and certificate vapdity periods that will be used after 2012. Current expectation is that 2048 bit Device keys will be used after 2012
From Version 1.32‐20110610 to Version 1.40‐20111104
Add new Chapter 17Add support for CMLA DECE implementation as associated reference changes due to C17


You can download the CMLA Technical Specifications here.

You can download the Change History here.

CMLA Agreements

You can find and download the CMLA License Agreements here.

Developer Resources

You can find and download the CMLA Developer Resources here.

Latest News

You can find all the latest CMLA News and Notices here.